Privacy policy

SkinCo, LLC Website Privacy Policy

1. Purpose

Effective Date: 24 April 2024

This Privacy Policy describes our data practices with regard to your Personal Information, including the kinds of information we collect, how we collect, use, disclose, and retain that information, and how you can exercise choice regarding that information. “Personal Information” means any information relating, or reasonably capable of being linked, to you.

When we offer goods and services to individuals in the European Economic Area (EEA), we are subject to the EU General Data Protection Regulation (EU GDPR), which applies across the entire European Union. For California consumers, we are subject to the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act of 2020 (CPRA). We are responsible as a "controller" of that personal information for the purposes of the GDPR. We are responsible for your personal information as a "business" under the CCPA/CPRA.

This Privacy Policy applies to luminskin.com and all other websites, applications, products, services, and other offerings (collectively, the “Service” or “Services”) owned and operated by SkinCo, LLC and our affiliates and subsidiaries (“Lumin,” “we,” “our,” or “us”) that link to this Privacy Policy or offline locations that makes this Privacy Policy available to you. It does not apply to information collected by third parties or information collected in the context of your employment with us.

Your use of the Services is also governed by our Terms and Conditions.

Some regions provide additional rights by law. Please visit the relevant region-specific section at the end of this Privacy Policy or through the links below:

CALIFORNIA

COLORADO, CONNECTICUT, UTAH, AND VIRGINIA

NEVADA

EU, UK AND SWITZERLAND

If you have any questions, please contact us as set out in the “Contact Us” section below.

2. Types of Personal Information We Collect and How We Collect It

When you use the Services, you may be asked to provide Personal Information to us, such as when you register an account, make a purchase, sign-up for our newsletters, participate in a promotion, respond to our surveys, contact support, or apply for a job. The categories of Personal Information we collect include:

a. Information You Provide through the Services

Contact identifiers, including your name, email address, mailing address, and phone number.

Characteristics or demographics, such as your age and gender.

Commercial or transactions information, including records of products or services you purchased, obtained, or considered.

Account credentials, including your username, password, password hints, and other information for authentication or account access.

Payment information, including your payment instrument number (such as a credit or debit card number), expiration date, security code. and billing address as necessary to process your payments. This information is processed by our payment processors.

User-generated content, including content within any messages you send to us (such as feedback, questions, or survey responses) or publicly post on the Services (such as in product reviews or blog comments).

Contact identifiers relating to other consumers. If you choose to use our referral program to tell a friend about Lumin, we may collect your friend's personal information, such as their email address. We will automatically send your friend an email to join the Luminary League and invite them to purchase a Lumin product. We store your friend’s information in order to send this one-time email and to track the success of our referral program. Do not provide us with any information relating to other consumers unless you have their express consent.

Professional, employment, or education-related information, including your employment and work history, transcripts, writing samples, references, and other information necessary to consider you for a job.

Please do not provide any information that we do not request.

b. Information Collected from Your Device or Browser

When you use the Services, we and third parties we work with automatically collect information from your browser or device. The categories of information we automatically collect include:

Device identifiers, including your device’s IP address, mobile carrier, mobile advertising identifiers, MAC address, IMEI, Advertiser ID, and other device identifiers that are automatically assigned to your computer or device when you access the Internet.

Device information, including your device’s operating software and browser (e.g., type, version, and configuration), internet service provider, and regional and language settings.

Internet activity, including information about your browsing history and interactions, such as the features you use, pages you visit, content you view, purchases you make or consider, time of day you browse, and referring and exiting pages.

Non-precise location data, such as location derived from an IP address or data that indicates a city or postal code level.

Session Recordings and Heat Maps. We work with analytics service providers, such as Hotjar, to collect information through tracking technologies and generate session recordings and heat maps about user behavior on the Services, including user clicks, taps, mouse movement, scrolling, and hot zones. Details on how to opt-out of Hotjar analytics is available at https://www.hotjar.com/policies/do-not-track/.

This information is automatically collected through cookies and other tracking technologies incorporated into our Service, as described below:

Cookies. Cookies are small text files which are placed on your browser when you visit a website, open or click on an email, or interact with an advertisement. Our Service uses session cookies (which expire when you close your browser) and persistent cookies (which expire at a set expiration date or when you manually delete them). We incorporate both first party cookies (which are cookies served directly by us) and third party cookies (which are cookies served by third parties we work with). We use cookies for a variety of purposes, including to help make our website work, personalize your browsing experience, prevent fraud and assist with security, perform measurement and analytics, and provide advertising (including targeted advertising).

Pixels. Pixels (also known as web beacons) are code embedded within a service. There are various types of pixels, including image pixels (which are one-pixel transparent images) and JavaScript pixels (which contain JavaScript code). Pixels are often associated with cookies and are used for similar purposes. When you access a service that contains a pixel, the pixel may permit us or a third party to drop or read cookies on your browser, or collect other information about your browser or device.

For details on your choices around cookies and other tracking technologies, see the “Your Privacy Choices” section below.

c. Information Collected from Other Sources

We also collect information from other sources. The categories of sources from which we collect information include:

Business partners that offer co-branded services, sell or distribute our products, or engage in joint marketing or promotional activities.

Third party vendors and related parties we work with in connection with receiving analytics, advertising, security, and fraud prevention services.

Social media platforms with which you interact. For example, when you “like,” “follow”, or otherwise engage with our content on social media (such as through our brand page or direct message), we may collect information such as your contact identifiers and any comments you provide. If you publicly reference our Service on social media (such as by using a hashtag associated with us in a tweet or post), we may use your reference on or in connection with our Service.

Data providers, such as licensors of private and public databases.

Public sources, including where information is in the public domain.

d. Information We Infer

We infer new personal information from other information, including to generate personal information about your likely preferences or other characteristics.

e. Sensitive Information

To the extent any of categories of information we collect are sensitive categories of personal information under applicable law, we process such information only for the limited purposes permitted by applicable law. We do not sell or use sensitive categories of personal information for purposes of targeted advertising or to make inferences.

3. How We Use Your Information

We collect and use personal information in accordance with the practices described in this Privacy Policy, including in the following ways:

Providing services. We use information to provide services to you, including to operate the Service, establish and maintain your account, and provide support.

Personalizing your experience. We use information to personalize your experience and show you content we believe you will find interesting.

Communications. We use information to communicate with you about updates, security alerts, changes to policies, and other transactional messages. We also use information to personalize and deliver marketing communications to you. Communications may be by email, and, where you opt-in, text messages.

Analytics. We use information to understand trends, usage, and activities, for example through surveys you respond to and tracking technologies that we incorporate into the Service (such as Amplitude and Google Analytics). We also use information for research and development purposes, including to improve our services and make business and marketing decisions.

Advertising. We work with agencies, ad networks, technology providers, and other third parties to place ads about our products and services on other websites and services. For example, we place ads through Google and Facebook that you may view on their platforms as well as on other websites and services. As part of this process, we incorporate tracking technologies into our own Service as well as into our ads displayed on other websites and services. Some of these tracking technologies may track your activities over time and across non-affiliated services and obtain or infer information about you for purposes of showing you relevant advertising based on your preferences and interests (“targeted advertising”). We also use audience matching services (which is a type of targeted advertising) to reach people (or people similar to people) who have visited our Service or are identified in one or more of our databases (“matched ads”). This is done by us providing a list of hashed email addresses to a third party or incorporating a pixel from a third party into our own Service, and the third party matching common factors between our data and their data. For instance, we incorporate the Facebook pixel on our Service and may disclose your hashed email address to Facebook as part of our use of Facebook Custom Audiences.

Promotions. When you voluntarily enter a promotion, we use information as set out in the official rules that govern the promotion as well as for administrative purposes and as required by law. By entering a promotion, you agree to the official rules that govern that promotion, and that, except where prohibited by applicable law, we, the sponsor, and related entities may use your name, voice and/or likeness in advertising or marketing materials.

Security and enforcement. We use information to prevent, detect, investigate, and address fraud, breach of policies or terms, or threats or harm.

Recruitment. We use information to make decisions about recruiting and in anticipation of a contract of employment.

At your direction or with your consent. We use information for additional purposes where you direct us to use it in a certain way or with notice to you and your consent.

Sometimes we aggregate or de-identify information so it is no longer considered personal information. We may use non-personal information for any purpose to the extent permitted by applicable law. For details on your choices around use of your information, see the “Your Privacy Choices” section below.

4. How We Disclose Your Information

Lumin may disclose your information in the following ways:

Service providers. Many of the third parties we work with are service providers that collect and process information on our behalf. Service providers perform services for us such as order fulfillment and warehousing, payment processing, data analytics, marketing and advertising, website hosting, and technical support. To the extent required by law, we contractually prohibit our service providers from processing information they collect on our behalf for purposes other than performing services for us, although we may permit them to use non-personal information for any purpose to the extent permitted by applicable law.

Third party vendors and related parties. Some of the third parties we work with to perform services act as our service providers in some contexts, but in other contexts independently control the purposes and means of processing your information. For example, we disclose information to ad networks, technology providers, and other third parties that help provide targeted advertising, but may also use information for their own purposes. For these third parties, we encourage you to familiarize yourself with and consult their policies and terms of use.

Business partners. We disclose information to our business partners in connection with offering co-branded services, selling or distributing our products, or engaging in joint marketing or promotional activities.

Affiliates. We disclose information to our affiliates and related entities, including where they act as our service providers subject to this Privacy Policy or use the information in accordance with their own privacy policies.

The public. We disclose information you make public, such as information in your profile or that you post on public boards. Please think carefully before making information public as you are solely responsible for any information you make public. Once you have posted information, you may not be able to edit or delete such information, subject to any rights you have under applicable law.

Recipients in a merger or acquisition. We disclose information in connection with, or during negotiations of, any proposed or actual merger, purchase, sale or any other type of acquisition or business combination of all or any portion of our assets, or transfer of all or a portion of our business to another business.

Recipients for security and enforcement. We disclose information to comply with the law or other legal process, and where required, in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We also disclose information to protect the rights, property, life, health, security and safety of us, the Service or anyone else.

Recipients at your direction or with your consent. We disclose information where you direct us to or with notice to you and your consent.

Sometimes we aggregate or de-identify information so it is no longer considered personal information. We may disclose non-personal information for any purpose to the extent permitted by applicable law. For details on your choices around disclosure of your information, see the “Your Privacy Choices” section below.

5. Third Parties

We may link to or offer parts of our Service through websites and services controlled by third parties. In addition, we may integrate technologies, including those disclosed in the “How we Collect Information” section above, controlled by third parties. Except where third parties act as our service providers, they, and not us, control the purposes and means of processing any information they collect from you, and you should contact them directly to address any concerns you have about their processing. Third party data practices are subject to their own policies and disclosures, including what information they collect, your choices, and whether they store information in the U.S. or elsewhere. We encourage you to familiarize yourself with and consult their privacy policies and terms of use.

6. Your Privacy Choices

We provide a variety of ways for you to exercise choice, as described below.

a. Region-Specific Rights

Some regions provide additional rights by law, as described in our region-specific terms below. This subsection details how you may exercise some of those rights to the extent they apply to you.

Data subject requests. To access, delete, or exercise similar rights available to you in your region with respect to your information, please submit a request through our privacy center found here, email support@luminskin.com or call our toll-free number at 1-626-714-5807 for more information. You may also access the request form by navigating to website footer, clicking "Request Personal Data", and then clicking "Request a report" in the customer privacy center page here. To correct your information, please navigate to the customer privacy center page or email us at support@luminskin.com, specifying the information that is incorrect, and how it should be changed.

Opt-out of sales, shares, and targeted advertising. To opt-out of sales or shares (as those terms are defined by applicable law), or the processing of information for targeted advertising purposes, click the “Cookie Settings” link in our website footer, or turn on a recognized opt-out preference signal, such as Global Privacy Control, in your browser or extension. Please note that when you submit an opt-out through either method we do not know who you are within our systems, and your opt-out will apply only to information collected from tracking technologies on the specific browser from which you opt-out. If you delete or reset your cookies, or use a different browser or device, you will need to reconfigure your settings. If you are logged into your account when you submit the request, where required by law, we will apply the request to your account.

If you choose to contact us directly, you will need to provide us with enough information to identify you (e.g., your full name, address and customer or matter reference number), proof of your identity and address and a description of what right you want to exercise and the information to which your request relates. We are not obligated to make a data access or data portability disclosure if we cannot verify that the person making the request is the person about whom we collected information or is someone authorized to act on such person's behalf. Any personal information we collect from you to verify your identity in connection with you request will be used solely for the purposes of verification.

b. Communications

You can opt-out of receiving certain communications from us, as described below. Your opt-out is limited to the email address, phone number, or device used and will not affect subsequent subscriptions.

Emails. Through your account settings, by following the unsubscribe instructions near the bottom of such emails, or by emailing us at support@luminskin.com with the word UNSUBSCRIBE in the subject field of the email. Please note that you cannot opt out of transactional messages, such as emails relating to available upgrades, billing and payment information, outstanding balance on your account, and other emails relating to your account and/or your use of the Services.

Texts. For texts, by texting “STOP” in response to any text message you receive from us or contacting us at support@luminskin.com and specifying you want to opt-out of text messages.

Direct Mail. If you would like to opt-out of receiving communication via postal mail, contact support@luminskin.com. To learn more about your rights as a consumer and to receive less national advertising mail, please visit the Direct Marketing Association at https://www.dmachoice.org.

c. Accounts

If you hold an account with us, you can delete your account through your account settings or by emailing support@luminskin.com. We will address your request in accordance with our data retention practices.

d. Browser and Device Controls

Cookies and pixels. You may be able to manage cookies through your browser settings. When you manage cookies, pixels associated with such cookies may also be impacted. Please note that cookie management only applies to our website. If you use multiple browsers, you will need to instruct each browser separately. If you delete or reset your cookies, you will need to reconfigure your settings. Your ability to limit cookies is subject to your browser settings and limitations.

Preference signals. Your browser or extension may allow you to automatically transmit Do Not Track and other preference signals. Except as required by law, we do not respond to preference signals.

Third party opt-out tools. Some third parties we work with offer their own opt-out tools related to information collected through cookies and pixels. To opt out of your information being used by Google Analytics, please visit https://tools.google.com/dlpage/gaoptout. We are not responsible for the effectiveness of any third party opt-out tools.

Industry opt-out tools for targeted advertising. Some of the third parties we work with participate in programs that allow you to opt-out of receiving targeted advertising from participants. To opt-out of receiving targeted advertising from participants of the Digital Advertising Alliance (“DAA”) on your browser, visit https://www.aboutads.info/choices. To opt-out of receiving targeted advertising from participants of the Network Advertising Initiative (“NAI”) on your browser, visit https://www.networkadvertising.org/choices/. To opt-out of receiving targeted advertising from participants of the DAA on our apps, visit https://www.aboutads.info/appchoices. If you choose to opt-out of targeted advertising through these links, you should no longer see targeted advertising from the selected participants on the browser or device from which you opted-out, but the opt-out does not mean that the participants will not process your information for targeted advertising purposes or that you will not receive any advertising. We are not responsible for the effectiveness of any third party opt-out tools.

e. Matched Ads

To opt out of us disclosing your hashed email address to third parties for matched ads purposes, please click the “Cookies Settings” below to opt out of matched ads. We will remove your email address from any subsequent lists disclosed to third parties for matched ads purposes.

7. Data Security

We implement and maintain reasonable administrative, physical, and technical security safeguards to help protect information about you from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so. Nevertheless, transmission via the internet is not completely secure and we cannot guarantee the security of information about you. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

8. Retention

We will keep your personal information while you have an account with us or while we are providing products or services to you. Thereafter, we retain information for the length of time that is reasonably necessary for the purpose for which it was collected, and as necessary to comply with our legal obligations, resolve disputes, prevent fraud, and enforce our agreements.

9. Children

The Service is not directed toward children under 13 years old (or under the age of 16 in certain jurisdictions, such as EU member countries), and we do not knowingly collect personal information (as that term is defined by the U.S. Children’s Privacy Protection Act, or “COPPA”) from children. If you are a parent or guardian and believe we have collected personal information from children, please contact us as set out in the “Contact Us” section below. We will delete the personal information in accordance with COPPA.

10. International Transfer

We are based in the U.S. If you are located outside the U.S., please be aware that your information may be transferred to and processed in the U.S. or another country where we operate.

11. Contact Us

SkinCo, LLC

1968 S. Coast Hwy

Suite #3080

Laguna Beach, CA 92651

support@luminskin.com

Toll-free customer service helpline: 1-626-714-5807

To exercise choice, use the methods described in the “Your Privacy Choices” section above or your region-specific terms below.

12. Changes to our Privacy Policy

We reserve the right to revise and reissue this Privacy Policy at any time. Any changes will be effective immediately upon our posting of the revised Privacy Policy. Your continued use of our Services indicates your consent to the Privacy Policy posted. If the changes are material, we may provide you with additional notice to your email address.

CALIFORNIA

13. California

These additional rights and disclosures apply only to California residents. Terms have the meaning ascribed to them in the California Consumer Protection Act as amended by the California Privacy Rights Act (“CPRA”), unless otherwise stated.

a. Notice at Collection

At or before the time of collection of your personal information, you have a right to receive notice of our data practices. Our data practices are as follows:

For the categories of personal information we have collected in the past 12 month, see the “Types of Personal Information We Collect and How We Collect It” section above.
For the categories of sources from which personal information is collected, see the “Types of Personal Information We Collect and How We Collect It” section above.
For the specific business and commercial purposes for collecting and using personal information, see the “How We Use Your Information” section above.
For the categories of third parties to whom information is disclosed, see the “How We Disclose Your Information” section above.
For the criteria used to determine the period of time information will be retained, see the “Retention” section above.

Some of our disclosures of personal information may be considered a “sale” or “share” as those terms are defined under the CPRA. A “sale” is broadly defined under the CPRA to include a disclosure for something of value, and a “share” is broadly defined under the CPRA to include a disclosure for cross-context behavioral advertising. We collect, sell, or share the following categories of personal information for commercial purposes: contact identifiers, characteristics or demographics, commercial or transactions information, user-generated content, device identifiers, device information, internet activity, non-precise geolocation data, and inferences drawn from any of the above. The categories of third parties to whom we sell or share your personal information include, where applicable, vendors and other parties involved in cross-context behavioral advertising. We do not knowingly sell or share the personal information of minors under 16 years old who are California residents. For details on your rights regarding sales and shares, please see the “Right to Opt-Out of Sales and Shares” section below.

Some of the personal information we collect may be considered sensitive personal information under the CPRA. We collect, use, and disclose such sensitive personal information only for the permissible business purposes for sensitive personal information under the CPRA or without the purpose of inferring characteristics about consumers. We do not sell or share sensitive personal information.

b. Rights to Know, Correct, and Delete

You have the following rights under the CPRA:

The right to know what personal information we have collected about you, including the categories of personal information, the categories of sources from which personal information is collected, the business or commercial purposes for collecting, selling, or sharing personal information, the categories of third parties to whom we disclose personal information, and the specific pieces of personal information we have collected about you.
The right to correct inaccurate personal information that we maintain about you.
The right to limit the use of sensitive personal information to that which is necessary to perform the Services.
The right to delete personal information we have collected from you.
The right to non-discrimination in goods or services for exercising your rights under the CPRA.

To exercise any of these rights, please follow the instructions for data subject requests in the “Your Privacy Choices” section above. Please note these rights are subject to exceptions. If you have an account with us, we may require you to use the account to submit the request. We will confirm receipt of your request within 10 business days and respond to your request within 45 days. We may require specific information from you to help us verify your identity and process your request. If we are unable to verify your identity, we may deny your request.

c. Right to Opt-Out of Sales and Shares

To the extent we sell or share your personal information as those terms are defined under the CPRA, you have the right to opt-out of the sale or sharing of your personal information. To exercise this right, please follow the instructions for opting out of sales, shares, and targeted advertising in the “Your Privacy Choices” section above.

d. Authorized Agent

You can designate an authorized agent to submit requests on your behalf. Requests from authorized agents must be submitted to support@luminskin.com. Except for opt-out requests, we will require written proof of the agent’s permission to do so and may verify your identity directly.

e. Right to Non-Discrimination

You have the right not to receive discriminatory treatment by us for the exercise of any your rights.

f. Shine the Light

Under California’s Shine the Light law, customers who are residents of California may request (i) a list of the categories of personal information disclosed by us to third parties during the immediately preceding calendar year for those third parties’ own direct marketing purposes; and (ii) a list of the categories of third parties to whom we disclosed such information. To make a request, please write us at the email or postal address set out in the “Contact Us” section above and specify that you are making a “California Shine the Light Request.” We may require additional information from you to allow us to verify your identity and are only required to respond to requests once during any calendar year.

COLORADO, CONNECTICUT, UTAH, AND VIRGINIA

14. Colorado, Connecticut, Utah, and Virginia

These additional rights and disclosures apply only to residents of Colorado, Connecticut, Utah, and Virginia. Terms have the meaning ascribed to them in the Colorado Privacy Act (“CPA”), the Connecticut Data Privacy Act (“CTDPA”), the Utah Consumer Privacy Act (“UCPA”), and the Virginia Consumer Data Protection Act (“VCDPA”), as applicable.

a. Data Subject Requests

You may have the following rights under applicable law:

To confirm whether or not we are processing your personal data
To access your personal data
To correct inaccuracies in your personal data
To delete your personal data
To obtain a copy of your personal data that you previously provided to us in a portable and readily usable format

To exercise any of these rights, please follow the instructions for data subject requests in the “Your Privacy Choices” section above. Please note these rights are subject to exceptions. We will respond to your request within 45 days. If you have an account with us, we may require you to use the account to submit the request. We may require specific information from you to help us confirm your identity and process your request. If we are unable to verify your identity, we may deny your request. We do not process personal data for purposes of profiling in furtherance of decisions that produce legal or similarly significant effects concerning consumers.

b. Right to Opt-Out of Sales and Targeted Advertising

You also may have the right to opt-out of the processing of personal data for purposes of targeted advertising or the sale of personal data. To exercise this right, please follow the instructions for opting out of sales, shares, and targeted advertising in the “Your Privacy Choices” section above.

c. Authorized Agent

d. Appeals

If we refuse to take action on a request, you may appeal our decision within a reasonable period time by contacting us at support@luminskin.com and specifying you wish to appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint as follows:

For Colorado residents, to the Colorado AG at https://coag.gov/file-complaint/
For Connecticut residents, to the Connecticut AG at https://www.dir.ct.gov/ag/complaint/
For Virginia residents, to the AG at https://www.oag.state.va.us/consumercomplaintform

NEVADA

15. Nevada

If you are a Nevada consumer, you have the right to direct us not to sell certain information that we have collected or will collect about you. To exercise this right, please follow the instructions for opting out of sales, shares, and targeted advertising in the “Your Privacy Choices” section above.

EU, UK AND SWITZERLAND

15. Lawful Basis for Processing

Generally, we process personal information provided by visitors through our website or other interactions with us on the basis our legitimate interests in conducting our business. Where we ask for your consent, we process personal information on the basis of that consent.

We may also process personal information on other bases permitted by the GDPR and applicable laws, such as when the processing is necessary for us to comply with our legal obligations.

16. Your Rights Under the EU GDPR

You have the following rights against us with respect to the personal data concerning you:

Right to Be Informed. The right to know or be notified about the collection and use of your personal information.
Right to Access. The right to be provided with a copy of your personal information (the right of access)
Right to Rectification. The right to require us to correct any mistakes in your personal information.
Right to be Forgotten. The right to require us to delete your personal information—in certain situations.
Right to Restriction of Processing. The right to require us to restrict processing of your personal information—in certain circumstances, e.g., if you contest the accuracy of the data.
Right to Data Portability. The right to receive the personal information you provided to us, in a structured, commonly used, and machine-readable format and/or transmit that data to a third party—in certain situations.
Right to Object. The right to object at any time to your personal information being processed for direct marketing (including profiling) or, in certain other situations, to our continued processing of your personal information, e.g., processing carried out for the purpose of our legitimate interests.
Right Not to be Subject to Automated Individual Decision-Making. The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.

For further information on each of those rights, including the circumstances in which they apply, see the guidance from the UK Information Commissioner's Office (ICO) on individual rights under the EU General Data Protection Regulation

17. Where Your Personal Information is Held.

Information may be held at our offices, third party agencies, service providers, representatives and agents as described above (see above: “Who We Share Your Personal Information with”).

Some of these third parties may be based outside the European Economic Area. For more information, including on how we safeguard your personal information when this occurs, see below: “Transferring Your Personal Information Out of the EEA.”

18. Data Transfers

Lumin’s headquarters is based in the United States and that’s where we process personal information collected through our website. When you provide personal information to us, we request your consent to transfer that personal information to the United States. The United States does not have an adequacy decision from the European Commission, which means that the Commission has not determined that the laws of the United States provide adequate protection for personal information. To the extent we receive personal data transferred from the European Union (EU), the United Kingdom (UK), and Switzerland, we take appropriate steps to protect your privacy and implement reasonable security measures to protect your personal information in storage. We use secure transmission methods to collect personal data through our website. We also enter into contracts with our data processors that require them to treat personal information in a manner that is consistent with this Notice.

19. Right to Lodge a Complaint

You have the right to file a complaint concerning our processing of your personal data with your national (or in some countries, regional) data protection authority. The EU Commission has a list here: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm. The data protection authority for the United Kingdom is the Information Commissioner’s Office (www.ico.org.uk). The federal data protection authority for Switzerland is the Federal Data Protection and Information Commissioner: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/task.html.

Privacy policy

Let’s Be Social